GIT.Harvie.CZ / mirrors / Kyberia-bloodline.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Cleared upload_data , commented out "gallery" feature, commented out jabber from...
[mirrors/Kyberia-bloodline.git] / wwwroot / inc / eventz / upload_data_file.inc
1 <?php
2
3 function upload_data_file() {
4 // XXX sec. bug over sec. bug
5
6 global $db,$error,$node;
7
8 require(INCLUDE_DIR.'filez.inc');
9
10 if (($node['node_permission']!='owner') &&
11 ($node['node_permission']!='master')) {
12 $error=$error_messages['EVENT_PERMISSION_ERROR'];
13 return false;
14 }
15
16 $node_id=$node['node_id'];
17
18 if ( !filez::upload_filename_secure($_FILES['data_file']['name'])) {
19 $error = 'bad, naughty file type. Cruise missile launched.';
20 return false;
21 }
22
23 if (!is_dir(FILE_DIR.$_SESSION['user_id'])) {
24 mkdir(FILE_DIR.$_SESSION['user_id']);
25 }
26
27 $suffix = array_pop(explode('.', basename($_FILES['data_file']['name'])));
28
29 if ($suffix=='zip' && $_POST['unzip']) {
30 mkdir(TMP."/".$_FILES['data_file']['name']);
31
32 // directory traversal si dissabled by default from zip v 5.50
33 $cmd="unzip ".$_FILES['data_file']['tmp_name']." -d "
34 .TMP."/".$_FILES['data_file']['name'];
35
36 shell_exec($cmd);
37 $handle=opendir(TMP."/".$_FILES['data_file']['name']);
38
39 // XXX move this mess into a function
40 while (($file = readdir($handle))!==false) {
41 if ($file!="." && $file!="..") {
42
43 // Need to check extenstions of all extracted files
44 if ( !filez::filename_secure($_FILES['data_file']['file'])) {
45 $error = 'ale ale, kto nam to tady loupe pernicek.. ';
46 return false;
47 }
48
49 $node_params['node_name']=$file;
50 $node_params['node_creator']=$_SESSION['user_id'];
51 $node_params['template_id']=DEF_DATA_TEMPLATE;
52 $node_params['node_parent']=$node['node_id'];
53
54 $node_params['node_content']=$file;
55 $datanode_id=nodes::addNode($node_params);
56 $file_suffix = array_pop(explode('.', basename($file)));
57 copy(TMP."/".$_FILES['data_file']['name']."/".$file,
58 FILE_DIR.$_SESSION['user_id'].'/'.$datanode_id.".$file_suffix");
59 symlink(FILE_DIR.$_SESSION['user_id'].'/'.$datanode_id.".$file_suffix",
60 SYSTEM_ROOT.'/files/'.$datanode_id);
61
62 # Removed for now, need complete rewrite
63
64 # if ($_POST['gallery']) {
65 # $node_params['template_id']=DEF_GALLERY_TEMPLATE;
66 # $image=TMP."/".$_FILES['data_file']['name']."/".$file;
67 # $image_name=$file;
68 # $width=NODE_IMAGE_WIDTH;
69 #
70 # if (stristr($image_name,".jpg") ||
71 # stristr($image_name,".jpeg") ){
72 #
73 # /// XXX UTILZ_DIR is not set. remove?
74 # $cmd=UTILZ_DIR."/jpegtopnm $image |".UTILZ_DIR."/pnmscale -width=$width | ".UTILZ_DIR."ppmquant 256 |".UTILZ_DIR."ppmtogif >".SYSTEM_ROOT.SYSTEM_IMAGES.'/nodes/'.substr($datanode_id,0,1)."/".substr($datanode_id,1,1)."/".$datanode_id.".gif";
75 # }
76 # elseif (stristr($image_name,".gif")) {
77 # $cmd=UTILZ_DIR."/gifsicle --resize ".$width."x_ $image > ".SYSTE_ROOT.SYSTEM_IMAGES.'/nodes/'.substr($datanode_id,0,1)."/".substr($datanode_id,1,1)."/".$datanode_id.".gif";
78 # }
79 # if ($cmd) {
80 # shell_exec($cmd);
81 # }
82 # // XXX WTF
83 # echo $cmd;
84 # }
85 }
86 }
87 closedir($handle);
88 die();
89 }
90
91 else {
92 copy($_FILES['data_file']['tmp_name'],
93 FILE_DIR.$_SESSION['user_id'].'/'.$node['node_id'].".$suffix");
94 symlink(FILE_DIR.$_SESSION['user_id'].'/'.$node['node_id'].".$suffix",
95 SYSTEM_ROOT.'/files/'.$node['node_id']);
96 }
97 }
98 ?>
https://github.com/Kyberia/Kyberia-bloodline.git (mirrored @ Fri, 17 May 2024 13:40:08 +0200)
This page took 0.358294 seconds and 4 git commands to generate.